dridex | aed13a2cc773d5e7d2a5dec2739328d12a1b3be21bee6a609fca1e9aba30c280 | Triage

Sharing

General

Target

ofivo.bin
Size

1.1MB
Sample

220909-m1b8safhg8
MD5

cae374e808266d76644b76dc4de9cd7f
SHA1

654c9b47636a3bbdf658786ea970d4ff5576734c
SHA256

aed13a2cc773d5e7d2a5dec2739328d12a1b3be21bee6a609fca1e9aba30c280
SHA512

027cf8ce307fef440a2f55cffcb3027774460414c3f5ddbc7f2c1392842e935edadb9ce319461ede64bb48cfeea5a5ade72cad8bc99879ee6237a151d694e276
SSDEEP

6144:P28+8EYDtVGk9SAb276xn0Ncbgm8jP4VBJwMO0Ho5:P2qJVtsAuwn8wWuJO0I5

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

131.100.24.230:443

188.165.17.91:8443

119.59.125.140:8172

rc4.plain

rc4.plain

Targets

- Target
  
  ofivo.bin
- Size
  
  1.1MB
- MD5
  
  cae374e808266d76644b76dc4de9cd7f
- SHA1
  
  654c9b47636a3bbdf658786ea970d4ff5576734c
- SHA256
  
  aed13a2cc773d5e7d2a5dec2739328d12a1b3be21bee6a609fca1e9aba30c280
- SHA512
  
  027cf8ce307fef440a2f55cffcb3027774460414c3f5ddbc7f2c1392842e935edadb9ce319461ede64bb48cfeea5a5ade72cad8bc99879ee6237a151d694e276
- SSDEEP
  
  6144:P28+8EYDtVGk9SAb276xn0Ncbgm8jP4VBJwMO0Ho5:P2qJVtsAuwn8wWuJO0I5
Score

10^/10

dridex 10111 botnet discovery evasion trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscoveryevasiontrojan

behavioral2

dridex10111botnetdiscoveryevasiontrojan